CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Description
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.
Technical Context
This vulnerability is classified as Files or Directories Accessible to External Parties (CWE-552).
Affected Products
Affected products: Samba
Remediation
Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.
Vendor Status
Ubuntu
Priority: Medium
| Release | Status | Version |
|---|---|---|
| bionic | not-affected | - |
| focal | not-affected | - |
| jammy | not-affected | - |
| noble | not-affected | - |
| oracular | not-affected | 2:4.20.4+dfsg-1ubuntu1 |
| trusty | not-affected | - |
| xenial | not-affected | - |
| plucky | released | 2:4.21.4+dfsg-1ubuntu3.1 |
| upstream | released | 2:4.22.2+dfsg-1 |
Debian
Bug #1107248
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | not-affected | - | - |
| bullseye (security) | fixed | 2:4.13.13+dfsg-1~deb11u7 | - |
| bookworm | not-affected | - | - |
| bookworm (security) | fixed | 2:4.17.12+dfsg-0+deb12u1 | - |
| trixie | fixed | 2:4.22.8+dfsg-0+deb13u1 | - |
| forky, sid | fixed | 2:4.23.6+dfsg-2 | - |
| (unstable) | fixed | 2:4.22.2+dfsg-1 | - |
EUVD-2025-17307